Hi Sven,
Thank you for your report.
On 14/03/2025 13:57, Sven Mueller wrote:
Source: php-doctrine-persistence
[…]
The below analysis shows that tests are running not against the newest
version (the one just built but against the system installation of the
indirect build dependency on itself).
I’m well aware of this annoying behavior, that currently forces me to
upload a locally built binary package followed by a source only upload
(spoiler alert, this is not the only package affected). Basically, all
the phpunit dependency chain is likely affected.
Currently, the dependency classes are loaded by using their full path to
avoid a CVE-2024-24821 like exposure, so it is not possible to load the
new classes (since the system ones have already been loaded). I don’t
think it’s possible to overwrite this behavior, so we’re kind of stuck here.
It would be nice to be allowed to upload staged build packages to the
archive, building it first without tests (DEB_BUILD_OPTIONS=nocheck),
and then building the package again with the previously built one
installed, but that doesn’t seem like something we’ll be able to do, at
least on a short-time scale.
One option could be to totally ignore the testsuite at build time and
simply rely on the autopkgtest to spot regressions, but we’ll miss the
input from the “rebuild all the archive” efforts, and also the obvious
homemade build. On the other hand, it would make my (and probably your)
life a lot easier…
I’m not tagging this bug as wontfix (because it’s a pain I’d very much
like to get fixed), but I don’t know the best way forward. Hopefully,
other team members may shim in and even point at a silver bullet that I
missed.
Regards,
taffit,
